[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 30 20:12:17 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
94f12f02 by security tracker role at 2024-11-30T20:12:12+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2024-12002 (A vulnerability classified as problematic was found in Tenda FH451, FH ...)
+	TODO: check
+CVE-2024-12001 (A vulnerability classified as problematic has been found in code-proje ...)
+	TODO: check
+CVE-2024-12000 (A vulnerability was found in code-projects Blood Bank System 1.0. It h ...)
+	TODO: check
+CVE-2024-11998 (A vulnerability was found in code-projects Farmacia 1.0. It has been d ...)
+	TODO: check
 CVE-2024-54159 (stalld through 1.19.7 allows local users to cause a denial of service  ...)
 	NOT-FOR-US: stalld
 CVE-2024-53623 (Incorrect access control in the component l_0_0.xml of TP-Link ARCHER- ...)
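Review bot: The four entries added at the top of data/CVE/list (CVE-2024-12002, CVE-2024-12001, CVE-2024-12000, CVE-2024-11998) carry only "TODO: check", so they are untriaged after this update. Their truncated descriptions name Tenda FH451 and code-projects applications; each needs either a "NOT-FOR-US: <product>" line, in the style of the neighbouring "NOT-FOR-US: stalld" entry, or a source package line if the software turns out to be packaged.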
@@ -478,6 +486,7 @@ CVE-2024-54004 (Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does
 CVE-2024-5921 (An insufficient certification validation issue in the Palo Alto Networ ...)
 	NOT-FOR-US: Palo Alto Networks
 CVE-2024-53849 (editorconfig-core-c  is  theEditorConfig core library written in C (fo ...)
+	{DLA-3978-1}
 	- editorconfig-core 0.12.7-0.1
 	[bookworm] - editorconfig-core <no-dsa> (Minor issue)
 	NOTE: https://github.com/editorconfig/editorconfig-core-c/security/advisories/GHSA-475j-wc37-6274
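Review bot: The {DLA-3978-1} reference added to CVE-2024-53849 sits above "[bookworm] - editorconfig-core <no-dsa> (Minor issue)", which gives no indication of how bookworm will be fixed. The lemonldap-ng entries elsewhere in this diff record "will be fixed via spu" in the same position; if a point-release fix is planned for bookworm, state it here too so the entry does not read as an LTS fix with stable left open.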
@@ -3651,11 +3660,13 @@ CVE-2023-49952 (Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a byp
 CVE-2024-5030 (The CM Table Of Contents  WordPress plugin before 1.2.3 does not have  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-52947 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.2 ...)
+	{DLA-3979-1}
 	- lemonldap-ng 2.20.1+ds-1
 	[bookworm] - lemonldap-ng <no-dsa> (Minor issue, will be fixed via spu)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3257
 	NOTE: Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/600ba2c0b3d4bb0a4dd2eb9d8b612edcca8805dc (v2.20.1)
 CVE-2024-52946 (An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Ch ...)
+	{DLA-3979-1}
 	- lemonldap-ng 2.20.1+ds-1
 	[bookworm] - lemonldap-ng <no-dsa> (Minor issue, will be fixed via spu)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3255
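Review bot: CVE-2024-52947 and CVE-2024-52946 both gain {DLA-3979-1} while their bookworm lines still read "<no-dsa> (Minor issue, will be fixed via spu)", so the tracker now shows an LTS advisory for issues that remain unfixed in bookworm. That is consistent with the data as written, but it needs a follow-up: replace the <no-dsa> annotation with the fixed version once the stable update is accepted, as is already done for CVE-2024-48933 ("[bookworm] - lemonldap-ng 2.16.1+ds-deb12u3").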
@@ -15556,6 +15567,7 @@ CVE-2024-48942 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and
 CVE-2024-48941 (The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbuc ...)
 	NOT-FOR-US: Jira plugin
 CVE-2024-48933 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.1 ...)
+	{DLA-3979-1}
 	- lemonldap-ng 2.20.0+ds-1 (bug #1084979)
 	[bookworm] - lemonldap-ng 2.16.1+ds-deb12u3
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232
@@ -22676,6 +22688,7 @@ CVE-2024-7349 (The LifterLMS \u2013 WP LMS for eLearning, Online Courses, & Quiz
 CVE-2024-6792 (The WP ULike  WordPress plugin before 4.7.2.1 does not properly saniti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-45751 (tgt (aka Linux target framework) before 1.0.93 attempts to achieve ent ...)
+	{DLA-3976-1}
 	- tgt 1:1.0.85-1.3 (bug #1081158)
 	[bookworm] - tgt 1:1.0.85-1+deb12u1
 	NOTE: https://github.com/fujita/tgt/pull/67
@@ -24310,6 +24323,7 @@ CVE-2024-45048 (PHPSpreadsheet is a pure PHP library for reading and writing spr
 CVE-2024-45046 (PHPSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
 	NOT-FOR-US: PHPSpreadsheet
 CVE-2024-43700 (xfpt versions prior to 1.01 fails to handle appropriately some paramet ...)
+	{DLA-3977-1}
 	- xfpt 1.00-3 (bug #1080219)
 	[bookworm] - xfpt 0.11-1+deb12u1
 	NOTE: https://github.com/PhilipHazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4
@@ -150450,6 +150464,7 @@ CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM k ...)
 	NOT-FOR-US: MongoDB Ops Manager Diagnostics Archive
 CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...)
+	{DLA-3978-1}
 	- editorconfig-core 0.12.6-0.1
 	[buster] - editorconfig-core <no-dsa> (Minor issue)
 	NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/94f12f02030d3b37dc00b8cc5257458915a4bc76
